RE: NetReg: Force use of DHCP server vs picking your own manually


From: Daxter Gulje (dgulje@housing.ucsb.edu)
Date: Fri Sep 28 2001 - 11:37:22 CDT


        That's precisely how I've set it up here...all non-registered
students receive 10.10.x.x addresses until they register. However, that
doesn't stop someone who is non-registered from just checking their
neighbour's configs and learning their own subnet/DNS/gateway settings
and then just grabbing whatever IP they wish.
        Stopping them is my project for next week ;). As it is, it's
not even a noticeable issue (non-registered static IP clients)...as
someone said earlier in this thread, most students don't know enough or
don't care enough about how any of this works to go to any trouble (and
I appreciate them for it!)

/Dax
__________________________________________
Daxter Gulje
Assistant ResNet Coordinator
University of California, Santa Barbara
805.893.4747
 

-----Original Message-----
From: John Hascall [mailto:john@iastate.edu]
Sent: Friday, September 28, 2001 6:40 AM
To: netreg@southwestern.edu
Subject: Re: NetReg: Force use of DHCP server vs picking your own manually

> I think I get the idea now. I suppose ideally in addition to blocking
> the non registered addresses, you'd keep the ip domain for registered
> users within a few hundred addresses of your actual number of users to
> maximize the chance that the dhcp server will try to use it. So you can
> find out and yell at them.

> Furthermore, you could make your addressing system harder to figure out
> by choosing more random smaller chunks of the address space in the
> registered and unregistered pools. So, rather than 172.16.2.0-->
> 172.16.4.0 is unregistered and 172.16.5.0--> 172.16.8.0 being registered
> addresses, something more like:

   Actually using a non-routable (reserved for local LAN) address range
   for your unregistered users is best.
   For example:

        pool {
                range 10.11.20.1 10.11.20.199;
                allow unknown clients;
                deny dynamic bootp clients;
                min-lease-time 300;
                default-lease-time 600;
                max-lease-time 1200;
                option domain-name-servers netreg-1.ait.iastate.edu;
        }

        pool {
                range 129.186.21.1 129.186.21.199;
                deny unknown clients;
                deny dynamic bootp clients;
                ddns-updates on;
        }

   You will never route 10.x.y.z past your (campus) border router.

John
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
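
Added example, not part of either message or of NetReg: one way to spot the hosts described above, those that pick their own address in the registered range, by checking observed IP/MAC pairs (for instance from a router ARP table) against the active leases in an ISC dhcpd.leases file. The registered range is the one from the quoted dhcpd.conf; the lease entries, MAC addresses and function names are constructed for illustration, and a leases file with "binding state" lines is assumed.

```python
import ipaddress
import re

# Registered pool range from the dhcpd.conf fragment quoted above.
REG_LO, REG_HI = map(ipaddress.ip_address, ("129.186.21.1", "129.186.21.199"))
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)

def active_leases(text):
    """Map IP -> MAC for active leases. dhcpd appends, so the last entry wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        mac, state = MAC_RE.search(body), STATE_RE.search(body)
        leases.pop(ip, None)  # a later free/expired entry clears the earlier one
        if mac and state and state.group(1) == "active":
            leases[ip] = mac.group(1).lower()
    return leases

def find_squatters(leases_text, observed):
    """Flag observed (ip, mac) pairs in the registered range with no matching lease."""
    leases = active_leases(leases_text)
    findings = []
    for ip, mac in observed:
        if not REG_LO <= ipaddress.ip_address(ip) <= REG_HI:
            continue  # e.g. the 10.x unregistered pool
        holder = leases.get(ip)
        if holder != mac.lower():
            reason = "leased to " + holder if holder else "no active lease"
            findings.append((ip, mac.lower(), reason))
    return findings

# Constructed sample data (not from the thread).
SAMPLE_LEASES = """
lease 129.186.21.10 {
  binding state active;
  hardware ethernet 00:10:a4:aa:bb:01;
}
lease 129.186.21.11 {
  binding state free;
  hardware ethernet 00:10:a4:aa:bb:02;
}
"""
SAMPLE_OBSERVED = [
    ("129.186.21.10", "00:10:A4:AA:BB:01"),  # holds the active lease
    ("129.186.21.10", "00:50:56:cc:dd:05"),  # using someone else's leased address
    ("129.186.21.11", "00:10:a4:aa:bb:02"),  # lease was freed, address still in use
    ("10.11.20.5", "00:50:56:cc:dd:04"),     # unregistered pool, out of scope
]
```

Calling find_squatters(SAMPLE_LEASES, SAMPLE_OBSERVED) returns one finding per offending pair, with the MAC to chase and the reason it was flagged.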

This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:36 CDT